Date: Fri, 26 Oct 2001 07:59:56 +0800
From: "Jun Favoreal" <fpcf@hotmail.com>
To: sumirati@yahoo.de
Cc: questions@FreeBSD.org
Subject: Re: bridging without ipfw
Message-ID: <LAW2-F16MdNWYmX0nmR0000234e@hotmail.com>

>From: m p <sumirati@yahoo.de>
>To: junf@wavephil.com
>Subject: Re: bridging without ipfw
>Date: Thu, 25 Oct 2001 17:05:28 +0200 (CEST)
>
> --- Jun Favoreal <fpcf@hotmail.com> wrote:
> >
> > >From: m p <sumirati@yahoo.de>
> > >To: junf@wavephil.com
> > >CC: questions@freebsd.org
> > >Subject: Re: bridging without ipfw
> > >Date: Wed, 24 Oct 2001 11:29:42 +0200 (CEST)
> > >
> > >Rick Hunter wrote:
> > > >
> > > > Hello,
> > > >
> > > > I am running 4.3-RELEASE with the following additional
> > > > kernel options set on the GENERIC kernel config file:
> > > >
> > > > options IPFIREWALL
> > > > options IPFIREWALL_VERBOSE
> > > > options IPFIREWALL_FORWARD
> > > > options IPFIREWALL_DEFAULT_TO_ACCEPT
> > > > options IPDIVERT
> > > > options IPFILTER
> > > > options IPFILTER_LOG
> > > > options IPSTEALTH
> > > > options DUMMYNET
> > > > options QUOTA
> > > > options NMBCLUSTERS=32768
> > > > options BRIDGE
> > > >
> > > > Compiled kernel successfully and installed it. Add
> > > >
> > > > net.link.ether.bridge=1
> > > > net.inet.ip.forwarding: 1
> > > >
> > > > to sysctl.conf. Then, rebooted the machine. This is my
> > > > network setup
> > > >
> > > > +--------+         +----------+
> > > > |   PC   +A-------B+  BRIDGE  +C------[192.168.1.0/27]
> > > > +--------+    ^    +----------+       [   Network    ]
> > > >               |
> > > >          cross cable
> > > >
> > > > where
> > > >
> > > > A -- 192.168.1.5/27
> > > > B -- (no address)
> > > > C -- 192.168.1.30/27
> > > >
> > > > PROBLEM:
> > > > PC cannot ping the outside network.
> > > > The outside network cannot ping the PC.
> > > > Therefore, bridge is not working.
> > > >
> > > > I have gone through all BRIDGE documentations. And I
> > > > think I have followed everything (I think). Anything
> > > > that I missed out ???
> > > >
> > >
> > >Hi Rick,
> > >
> > >the default rule for ipfw is "deny all". If you had not added "allow what I
> > >want" to ipfw it will not forward any packets because of your rulebase.
> > >
> > >Take a look at your /etc/rc.conf and /etc/rc.firewall which type you had
> > >chosen
> > >and modify it to fit for you.
> >
> > From sysctl -a,
> >
> > net.link.ether.bridge_ipfw: 0
> >
> > My understanding if this is zero is that bridged packets would not be
> > filtered. I made this zero to simplify things and just focus on bridging
> > without writing firewall rules.
> >
> > With regards to the default rulebase, the ipfw default is to accept
> > everything. This is what I see in ipfw -a l,
> >
> > 65535 N N allow ip from any to any
> >
> > Still the question remains, why does it not work =)
>
>Sorry, I overlooked that line:
>
> > > > options IPFIREWALL_DEFAULT_TO_ACCEPT
>
>Without that, the default is to deny everything. (That is what I normally
>do.)
>Otherwise I have no clues .. and no testing equipment left. :)

I also share the same thought already. But, yesterday, I tried this setup
on another server running 4.3-RELEASE and with the same customized kernel
options, same network diagram. This time it worked!

My hunch is the problem might be with the NICs I used in the previous
server. Both or one of the two might not be supported by FreeBSD's
bridging. The two cards were ep0 and vx0. In the new server where bridging
worked I had xl0 and xl1.

What do you think ???
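
The two firewall checks this thread walks through (whether bridged packets are handed to ipfw at all, and what default rule 65535 does) can be scripted against saved `sysctl -a` and `ipfw -a l` output. This is an added example, not part of any poster's message; the function names, verdict strings and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a FreeBSD 4.x bridge from saved `sysctl -a` and
# `ipfw -a l` output. Sample inputs are constructed from values in the thread.

# Print the value of sysctl NAME ($1) from "name: value" text ($2).
sysctl_val() {
    printf '%s\n' "$2" | awk -F': *' -v k="$1" '$1 == k { print $2; exit }'
}

# Print the action of the default rule 65535 from `ipfw -a l` text ($1).
# With -a the columns are: rule number, packets, bytes, action, ...
default_action() {
    printf '%s\n' "$1" | awk '$1 == "65535" { print $4; exit }'
}

# Verdict for sysctl text ($1) and ipfw listing ($2). Only the default rule
# is inspected; earlier rules can still drop traffic when filtering is on.
bridge_verdict() {
    bridge=$(sysctl_val net.link.ether.bridge "$1")
    filter=$(sysctl_val net.link.ether.bridge_ipfw "$1")
    if [ "$bridge" != "1" ]; then
        echo "bridging-disabled"
    elif [ "$filter" != "1" ]; then
        echo "bridged-unfiltered"      # ipfw never sees bridged frames
    else
        case "$(default_action "$2")" in
            allow|accept|pass|permit) echo "filtered-default-allow" ;;
            deny|drop)                echo "filtered-default-deny" ;;
            *)                        echo "filtered-default-unknown" ;;
        esac
    fi
}

# Constructed sample input matching the settings quoted in the thread.
SYSCTL_SAMPLE='net.inet.ip.forwarding: 1
net.link.ether.bridge: 1
net.link.ether.bridge_ipfw: 0'
IPFW_SAMPLE='65535 0 0 allow ip from any to any'

bridge_verdict "$SYSCTL_SAMPLE" "$IPFW_SAMPLE"
```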